Updated on 2023-01-04: The Guardian is Still Working to Recover From Cyber Incident
UK news publication The Guardian is still working to recover from a “serious network disruption” due to what is likely a ransomware attack that began on December 21. Two weeks after the fact, employees are being told to continue to work from home.
Note
- Traditionally, like satellite ground systems, publishers often relied on air-gap separation between “research” networks like the internet and business-critical publishing systems. Too often, even after all the pandemic work-at-home changes, publishing companies are still relying on isolation that no longer exists. Using NIST IR 8401 as a starting point, block-replacing “satellite ground control segment” with “your name here” would be a decent starting point.
- Ransomware gangs didn’t take a holiday break, and if anything, are upping their game. Take a pause and make sure that your response plan is still good to go, and as the workforce dynamic of local and home workers continues to evolve, make sure services you planned to rely on during a disruption are still in place, e.g., increased VPN capacity at the height of the pandemic, incorporating any lifecycle activities into your planning.
Updated on 2022-12-21: The Guardian Experienced a Ransomware Attack
UK newspaper the Guardian has disclosed that it was the victim of a ransomware attack. The attack began the evening of Tuesday, December 21. The attack affected portions of the Guardian’s technology infrastructure; employees were instructed to work from home.
Note
- Even with the attack, the Guardian is able to produce their printed edition with updated stories leveraging teleworking. This is a good example to support your BCP efforts, to include testing, which includes tangible results which are understandable in the board room.
Updated on 2022-12-20: The Guardian ransomware attack
Some parts of The Guardian’s IT infrastructure went down this week, with the paper tentatively calling the incident a ransomware attack. The UK news org has told staff to work from home until it sorts things out. The incident appears to have impacted their entire data center network, per researchers.
Overview
The Guardian newspaper suffered a severe ransomware attack that impacted some parts of the company’s technology infrastructure and behind-the-scenes services.